用于车联网BSM消息的ECQV-Schnorr签名聚合及快速验证检错方案  被引量：2

作　　者：刘振亚 林璟锵 鲍旭华 董建阔 LIU Zhen-Ya;LIN Jing-Qiang;BAO Xu-Hua;DONG Jian-Kuo(School of Cyber Science and Technology,University of Science and Technology of China,Hefei 230027,China;Beijing Research Institute of USTC,Beijing 100193,China;Sangfor Technologies Inc.,Shenzhen 518055,China;School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210023,China)

机构地区：[1]中国科学技术大学网络空间安全学院,合肥230027 [2]北京中科研究院,北京100193 [3]深信服科技股份有限公司,深圳518055 [4]南京邮电大学计算机学院,南京210023

出　　处：《密码学报》2023年第4期702-719,共18页Journal of Cryptologic Research

基　　金：国家重点研发计划(2020YFB1005803);江苏省自然科学基金(BK20220388)。

摘　　要：BSM消息广播是车联网通信的最主要内容,直接影响到车辆的行驶安全,发送车辆会对每条BSM计算数字签名以防范消息伪造.相关文献指出,车辆在1 s内最多会收到千余条BSM消息,且验证延迟不能超过100 ms,现有的车载设备很难达到要求.本文结合ECQV隐式证书和Schnorr签名,提出了一种基于车联网SCMS(security credential management system)证书服务体系,用于车联网BSM消息的签名聚合方案,支持聚合验证,能够显著减小签名验证的计算消耗.在有消息签名验证错误的情况下,提出了一种快速检测错误签名的方法:首先将待验证的BSM消息根据发送车辆证书的CA进行分组,对每一个分组进行分组验证,每一轮分组验证将待验证的消息分为θ组,逐组地聚合验证,检测到验证错误的分组,然后再对其进行新一轮迭代分组验证,直至检测到验证出错的消息.讨论了使验证计算消耗最小的最优分组数,并根据验证车辆的不同预计算配置,分别分析了最优分组数和计算消耗.所提方案的计算消耗显著优于逐一验证的检错方法.The BSM broadcast between vehicles is the most common method of communication in Internet of vehicles(IoV),which has a direct impact on the safety of vehicles.To resist against message forging attacks,the message sender is required to create a digital signature for each BSM.It was pointed out in public literatures that,a vehicle will receive up to more than one thousand BSM to verify within one second,hence the verification delay cannot exceed one hundred milliseconds,which is difficult to achieve for current existing in-vehicle equipments.To solve the problem above,by combining ECQV implicit certificate and Schnorr signature,this paper proposes a signature aggregation scheme based on SCMS(security credential management system)for BSM of IoV,which supports aggregation verification and can reduce the computational consumption of the signature verification significantly.In the proposed scheme,a method is proposed to quickly detect invalid signatures.First,those messages with signatures to be verified are divided into groups according to the CA of the senders’certificates,then the group verification will be performed on each group.The messages to be verified are divided intoθgroups in each round of group verification,which will be verified aggregately group by group until a group with an invalid signature is detected.Then,a new round of iterative grouping verification is performed on the group until the message with an invalid signature is detected.Moreover,this paper discusses the optimal number of groups to minimize the computational cost of the verification,and analyzes the optimal number of groups and computational cost respectively according to different pre-computing configurations of the verifier.The analysis results show that the computational cost of the proposed scheme is significantly better than that of the one-by-one verification error detection method.

关 键 词：车联网 ECQV Schnorr聚合签名 SCMS 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]